07-27-2020 05:58 AM
Hello,
I face a problem with FTD version 6.4.0
I have previously disabled TLS 1.3 and http2 due to some sites not working.
Recently I tried to block YouTube for a category of users, but it was not possible.
I put an access policy rule to block it.
In SSL policy it hits the default rule and it does not decrypt the page in order to block it.
In the events, it shows as blocked, but the page loads normally.
In the CLI when I input the command:
system support ssl-client-hello-display
I get the following:
extensions_remove 43,16,13172
tls13_downgrade=false
I tried to change tls13_downgrade to true but nothing changed.
Do you know what else I should check?
Thanks and Regards,
Konstantinos
07-27-2020 07:06 AM
Did you confirm it's using https over tcp/443 and not QUIC over udp/443?
07-27-2020 10:32 PM - edited 07-27-2020 10:44 PM
Hello Marvin,
Thank you for your reply!
Well, I have not checked that one.
I found this article on how to check whether you are using QUIC.
https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-reporting-implications/
I will check, and if it is used, how will I disable it?
Regards,
Konstantinos
07-27-2020 10:59 PM
If you block the outbound udp/443 traffic then the flow should revert to https over tcp/443.
07-27-2020 11:02 PM
07-29-2020 01:08 AM
Hello,
I checked and the protocol used is https.
This is the output of the Events in FMC:
Destination Port / ICMP Code | 443 (https) / tcp
SSL Status | Do Not Decrypt (Uncached Session)
SSL Flow Error | SESSION_UNKNOWN(0xb9000575)
SSL Actual Action | Do Not Decrypt
SSL Expected Action | Unknown
SSL Certificate Status | Not Checked
SSL Version | TLSv1.3
SSL Cipher Suite | Unknown
SSL Rule | Default Rule
Application Protocol | HTTPS
Client | SSL client
Web Application | YouTube
Application Risk | High
Business Relevance | Very Low
URL | https://www.youtube.com
The TLS version used is 1.3, but it should be 1.2.
Any idea what might be wrong?
Regards,
Konstantinos
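An added example, not code from the thread or from Cisco: a small triage script that reads FMC connection events in the pipe-delimited layout pasted above and flags the two ways a URL block can show as "blocked" in events while the page still loads (QUIC on udp/443 never reaching the SSL policy, and TLS 1.3 flows falling through to the Do Not Decrypt default rule). Column names are taken from the post; the event rows, the rule name "Decrypt-Users" and the cipher suite in the third row are constructed sample data.

```python
# Added example (not from the thread). Parses FMC connection-event rows in the
# pipe-delimited layout shown in the post and classifies each flow.

HEADER = ("Destination Port / ICMP Code | SSL Status | SSL Flow Error | "
          "SSL Actual Action | SSL Expected Action | SSL Certificate Status | "
          "SSL Version | SSL Cipher Suite | SSL Rule | Application Protocol | "
          "Client | Web Application | Application Risk | Business Relevance | URL")

SAMPLE_ROWS = [
    # Row 1 mirrors the thread's output: TLS 1.3 flow hitting the default rule.
    "443 (https) / tcp | Do Not Decrypt(Uncached Session) | SESSION_UNKNOWN(0xb9000575) | "
    "Do Not Decrypt | Unknown | Not Checked | TLSv1.3 | Unknown | Default Rule | HTTPS | "
    "SSL client | YouTube | High | Very Low | https://www.youtube.com",
    # Row 2 is a constructed QUIC flow: udp/443 is never seen by the SSL policy.
    "443 / udp | Unknown |  |  |  |  |  |  |  | QUIC | Chrome | YouTube | High | Very Low | ",
    # Row 3 is a constructed flow that was decrypted (hypothetical rule name), so
    # the access policy URL rule can actually act on it.
    "443 (https) / tcp | Decrypt (Resign) |  | Decrypt (Resign) | Decrypt (Resign) | Valid | "
    "TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256 | Decrypt-Users | HTTPS | Chrome | YouTube | "
    "High | Very Low | https://www.youtube.com",
]


def parse_row(header, row):
    """Split one pipe-delimited event row into a dict keyed by column name."""
    keys = [k.strip() for k in header.split("|")]
    vals = [v.strip() for v in row.split("|")]
    return dict(zip(keys, vals))


def triage(event):
    """Return why URL-based blocking may not take effect for this flow."""
    port = event.get("Destination Port / ICMP Code", "").lower()
    if port.startswith("443") and port.endswith("udp"):
        # QUIC: the SSL policy cannot inspect it. Blocking outbound udp/443
        # makes the client fall back to HTTPS over tcp/443 (the thread's advice).
        return "quic-bypass"
    if (event.get("SSL Version") == "TLSv1.3"
            and event.get("SSL Actual Action", "").startswith("Do Not Decrypt")
            and event.get("SSL Rule") == "Default Rule"):
        # TLS 1.3 was not downgraded and the flow fell through to the default
        # Do Not Decrypt rule, so the access rule never sees the decrypted URL.
        return "tls13-not-decrypted"
    return "inspectable"


def triage_rows(header=HEADER, rows=SAMPLE_ROWS):
    """Return (Web Application, verdict) for every event row."""
    events = [parse_row(header, r) for r in rows]
    return [(e["Web Application"], triage(e)) for e in events]
```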
07-29-2020 03:07 AM